ISO/IEC TR 27109



 

ISO/IEC TR 27109 — Information technology — Information security, cybersecurity and privacy protection — Cybersecurity education and training [DRAFT]

 

Abstract

“This preliminary work item is considering the development of a technical report on cyber education.”
[Source: SC 27 Standing Document 11 (2021)]
 

Introduction

April status update: It appears the standard intends to address the claimed dire global shortage of information (or ‘cyber’) security professionals, hopefully increasing the supply of newly-minted infosec pros to the market by suggesting standard curricula for educators offering college and university courses etc.

 

Scope of the standard

“This document provides state of the art information for cyber education and training, useful to those involved in cybersecurity as users, suppliers, certifiers, policy makers and regulators, educationalists, consumers, vendors and manufacturers.”
[Source: AWI draft (Feb 2022)]

 

Content of the standard

The standard may:

  • Cover cybersecurity awareness (?), training and education;
  • Suggest common/standard education and training curricula in this area;
  • List/mention applicable national guidance, strategies or regulations.

 

Status

A Technical Report is in preparation.

April status update: It is at Working Draft stage, and is due to be published in March 2023 ... but a lot of work remains. Aside from simple grammatical and editorial errors, numerous citations of other standards, regulations and guidance need to be checked.

 

Personal notes

April status update: With less than a year remaining before publication is due, the current draft falls well short of the planned scope. I see no ‘state of the art information’ for instance. This could turn out to be a train wreck of a project.

It would be good if this standard clarified the meaning of ‘cyber’ in order to educate those using the term. Fat chance!

The standard will hopefully complement rather than replace ISO/IEC 27021 concerning competencies required of ISMS professionals.

If national guidelines are to be listed, the details will need to be collated and managed indefinitely, implying a stream of maintenance updates to keep the standard reasonably accurate and current. Why is such an approach even being considered? Most other international standards don’t attempt to list national aspects except perhaps as examples.

 

 


Copyright © 2022 IsecT Ltd.